Rapid decryption of data by key synchronization and indexing

ABSTRACT

A satellite broadcast conditional access system with key synchronization uses indexing of an authorization stream to quickly restart the decrypting process after short carrier fades and after carrier switches. The authorization stream includes cyphered seeds and index numbers which are sequentially sent to a group of receivers. The same authorization stream can also be broadcast multiple times to the group of receivers. A conditional access server selects a starting index number and increments the index number by a predefined value. The receivers have a memory to save the current index number for the authorization stream. Any receiver that loses its connection to the broadcast and thereafter reestablishes its connection can retrieve the latest index number being issued in the authorization stream and compare it with the stored index number. When the index numbers match or are within a defined threshold, the receiver will continue to decypher the seeds and decrypt the transport stream.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application Ser. No. 60/482,235 filed Jun. 25, 2003.

STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT

Not Applicable.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates generally to satellite broadcast systems and, more particularly, to a conditional access system for encrypting and decrypting data.

2. Related Art

A conditional access system is used to permit access to a transport stream only to subscribers who have paid for it. This is generally done by distributing the transport stream in encrypted form. Although any integrated receiver-decoder (IRD) that is connected to a satellite broadcast network can receive the encrypted transport stream, only the IRDs of those authorized subscribers are able to decrypt the encrypted transport stream. The IRD determines whether the encrypted transport stream should be decrypted and, if so, decrypts it to produce a decrypted transport stream comprising information making up the broadcast program.

After a subscriber has purchased a service, a service provider sends messages to the subscriber's IRD with an authorization stream for the purchased services. The authorization stream may be sent with the transport stream or may be sent via a separate channel to an IRD. Various techniques have been used to encrypt the authorization stream. The authorization stream may include a seed as a key for a service of the service provider and an indication of what programs in the service the subscriber is entitled to receive. If the authorization stream indicates that the subscriber is entitled to receive the program of an encrypted transport stream, the IRD decrypts the encrypted transport stream using the received seed.

A well known problem concerning such conditional access systems is that the IRDs may suffer either carrier fades or be switched between carriers bearing the same instantiation of the service provider. It is therefore desirable for the IRDs to recover and pass a correctly decrypted transport stream to downstream processing stages as quickly as possible. However, the magnitude of time delay in the recoveries, on a typical large network (12,000 satellite IRDs) can be extremely long, such as one or two minutes in legacy systems. Other implementations of conditional access solve the problem of quick restoration of the IRD's decrypter by either risking that still-scrambled material may inadvertently be passed to the downstream processing stages, or consuming far more bandwidth in the transport stream to send cyphered seeds.

Hence, there is a need in the industry for an efficient and reliable technique for rapidly decrypting data after brief or extended loss of transport or authorization streams due to short carrier fades or switches. For that purpose, the conditional access system should allow the IRDs to quickly determine, after restoration of the data link following a carrier fade or switch, whether their stored copies of the decryption seeds are still current and correct. Furthermore, there is a need to greatly reduce the likelihood that the carrier fade or switch could prevent the IRD from getting at least one copy of its own messages, without the need for consuming large amounts of bandwidth.

SUMMARY OF THE INVENTION

It is in view of the above problems that the present invention was developed. The present invention is a satellite broadcast conditional access system with key synchronization that allows the IRDs to quickly restart the decrypting process after short carrier fades and after carrier switches when they are within the same protected network. The invention uses an indexed authorization stream allowing the IRDs to quickly decide, after restoration of the data link following a carrier fade or switch, whether their stored copies of the decrypting seeds are still current and correct. The invention also uses multiple transmissions of the cyphered seeds during each distribution period providing the IRD with multiple opportunities to receive the current seed.

For the first attribute, the index numbers on all the authorization streams are assigned in a manner such that the authorization stream may be identified and that the specific time epoch of those cyphered seeds may be determined. When a conditional access server program initializes, it randomly selects the starting index number from a domain of numbers, and applies this number to each and every authorization stream bearing a cyphered seed. Then, while in operation, it increments that index by a predefined value at each new distribution period, i.e., an odd/even flavor switch according to the preferred embodiment. The IRDs, in their turn, after reestablishing connection to the carrier-borne transport stream, may quickly retrieve the index numbers being issued in the authorization stream and compare them to the same for both flavors of the cyphered seeds they keep in volatile storage. If those numbers match, the IRD will immediately decypher those seed(s) and restart decrypting on the transport stream knowing it is using the correct seed. This restart may commence very quickly after the authorization stream is detected, and the IRD need not wait until its own messages are received and decyphered.

For the second attribute, the distribution of the cyphered seeds is repeatedly sent with considerable delay between the cyphered seed messages. This greatly reduces the likelihood that a carrier switch or a short fade could prevent the IRD from getting at least one copy of its own cyphered seed message during each distribution period.

Further features and advantages of the present invention, as well as the structure and operation of various embodiments of the present invention, are described in detail below with reference to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and form a part of the specification, illustrate the embodiments of the present invention and together with the description, serve to explain the principles of the invention. In the drawings:

FIG. 1 illustrates a systematic diagram of a satellite broadcast conditional access system according to the present invention;

FIG. 2 illustrates a flowchart of operations that are performed at a conditional access server to generate authorization stream sent to cryptographic multiplexers;

FIG. 3 illustrates a diagram of how authorization stream is structured during a flavor distribution period;

FIG. 4 illustrates a flowchart of operations that are performed to decypher authorization stream and encrypt transport stream using an encryption seed at a cryptographic multiplexer;

FIG. 5 illustrates a flowchart of operations that are performed at an IRD to decypher authorization stream and maintain IRD synchronization to the conditional access system in steady state operation;

FIG. 6 illustrates a diagram of conditional access system timing for key synchronization when an authorization stream is distributed and a transport stream is encrypted at the cryptographic multiplexer and decrypted at the IRD; and

FIG. 7 illustrates a flowchart of operations that are performed at the IRD to rapidly decrypt data by key synchronization and indexing after brief or extended loss of transport stream.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring to the accompanying drawings in which like reference numbers indicate like elements, FIG. 1 illustrates a systematic diagram of a satellite broadcast conditional access system 10 according to the present invention. The conditional access system 10 provides dynamic scrambling security to an entire MPEG transport stream 12. The conditional access system 10 generally consists of a server 14 and receivers 20. In a preferred embodiment of the invention, the server 14 is comprised of a conditional access server 16 and cryptographic multiplexers 18. The receivers 20 are generally referred to as integrated receiver-decoders (IRDs) 20.

The encryption function 22 in the conditional access server 16 provides an authorization stream 24 bearing cyphered messages which can only be decyphered and read by authorized devices. These messages give the cryptographic multiplexers 18, at the satellite uplink, and the authorized IRDs 20, at the downlink sites, a sequence of cyphered encrypting seeds. The cryptographic multiplexers 18 extract their own cyphered encryption seeds using their own serial number, and their decrypter 26 decyphers the cyphered encrypting seeds to get an encryption seed. These seeds initialize scrambler 28 in the cryptographic multiplexers 18, which appears to randomly encrypt the encryptable portions of the MPEG transport stream 12. The authorization stream 24 and the encrypted transport stream 30 are transmitted through an interposed satellite broadcast network 31 by the multiplexer 32 and received by the input module 34 of the IRDs 20. Like the cryptographic multiplexers 18, the host microprocessors 36 of the IRDs extract their own cyphered encryption seeds using their own serial number, and their decrypters 38 decypher the cyphered encrypting seeds to get an original encryption seed. Since the encrypting operation is symmetric, the encrypting seed sent to the IRDs 20 allows descrambler 40 to decrypt the transport stream encrypted by the cryptographic multiplexer 18.

At the uplink site, a conditional access server 16 runs the conditional access system 10. It can retrieve database information 41 from a conditional access database 42 by a network connection to the conditional access server 16 if on separate machines. This information is used to build and edit a list of authorized IRDs 20 by serial number n 102 under local operator control. FIG. 2 illustrates a flowchart of operations that are performed at a conditional access server 16 to generate authorization stream 24 sent to cryptographic multiplexers 18. At initialization, or after any change to the authorized list, the conditional access server 16 accesses its encryption function 22 (operation 200). This function contains a secret identification number W 112 unique to the particular customer (operation 210). In the case where the conditional access system 10 is controlled by a service provider and one or more customers are using the system, the secret identification number is only known by each respective customer and is not known to or accessible by any person at the service provider. The serial numbers 102 are reported to the encryption function 22 (operation 200) and, for each one, the encryption function 22 finds the encrypted serial number S_(n) 114 by implementing the function S_(n) = F(W∥n), where ‘∥’ is the concatenation operator, and where “F( )” is a one-way hash function, i.e., a function that is computationally easy to perform in one direction, but extremely difficult to reverse (operation 210). The encryption function 22 then provides the S_(n)'s 114 to the conditional access server 16.

When the conditional access server's encryption engine is activated, it generates a sequence of random numbers K_(i) 122 and associated index numbers i 124 (operation 220). While each K_(i) in the sequence is independently random, the i values preferably begin with a randomly selected number, i.e., the initial index number is randomly generated. In a preferred embodiment of the invention, the i index then increments by a given value, preferably one, for each new (K_(i),i) pair 122, 124 that is generated. For each pair 122, 124 in the sequence, the conditional access server 16 creates a cyphered message for every authorized IRD 20 plus all encrypting cryptographic multiplexers 18. It does this using the list of secret serial numbers S_(n) 114. Each cyphered message (CM) contains a value C_(ni) 126, the index i 124, the destination unit serial number n 102, and an even/odd flavor indicator 128. The value C_(ni) is calculated (operation 220): C_(ni) = K_(i) xor F(S_(n)∥i) and it is called the cyphered seed 126. After the entire set of cyphered messages is distributed, the conditional access server 16 sends either an encryption ON or OFF message 130, addressed to all. The aggregate of all these messages (C_(ni) 126, i 124, n 102, an even/odd flavor indicator 128, an encryption ON or OFF message 130) is generally called the authorization stream 24. This stream then feeds the cryptographic multiplexers 18 (operation 230).

The authorization stream 24 is preferably structured as shown in FIG. 3. The time interval over which cyphered messages are used to distribute a (K_(i),i) pair 122, 124 to the universe of IRDs 20 and cryptographic multiplexers 18 is the odd/even flavor distribution period 142. Within this period, all the cyphered messages 144 intended for the downlink IRDs 20 are sent first as an ordered group. The ordered group is a set of cyphered messages (CM₁, CM₂, . . . , CM_(m)) corresponding with the group of IRDs (IRD₁, IRD₂, . . . , IRD_(m)), respectively. For each distribution period, the cyphered messages will all contain the same index number and even/odd flavor indicator, but will vary according to the IRD_(n) serial numbers (S_(n1), S_(n2), . . . , S_(nm)). Of course, the cyphered seed 126 will also vary according to the different serial numbers based on operation 220. Then that whole set of messages 146 is repeated in the same order. Following this, there is a delay period 148 where no messages are transmitted. Then cyphered messages 150 addressed to all the cryptographic multiplexers 18 listed in the conditional access database 42 are sent, in order, just once. This is followed preferably, without delay, by some number of encryption ON or OFF commands 130. After this, there is another delay 154 before transmission of the next (K_(i),i) pair 122, 124 begins, which preferably has the opposing odd/even flavor 156.

In a preferred embodiment of the invention, the conditional access system 10 may be in one of three states. They are (1) encryption off; (2) encryption on and starting up; (3) encryption on static. In the first state, the engine continues to create the (K_(i),i) pairs 122, 124, but only a single encryption off authorization message is sent at the end of each distribution period. In the second state, the engine begins distribution of the encrypting seeds. At the end of the first two distribution periods, the conditional access server 16 sends an encryption off message 130 to all devices. After the second state, the conditional access system 10 enters the third state. Here, after the seeds have been distributed to the IRDs 20 and cryptographic multiplexers 18, an encryption on message 130 is sent to all devices. Note that there is no similar transition from the encryption on state to the off state. As soon as the user orders encryption to stop, distribution of new seeds ceases immediately and the very next authorization message sent is an encryption off message 130.

In the preferred embodiment of the invention, the list of all cryptographic multiplexers 18 which may do encryption is found in the associated conditional access database 42. The presence or absence of the cryptographic multiplexer 18 from conditional access system's authorized list does not mean the same thing as the presence or absence of an IRD 20, as shall be seen. If a cryptographic multiplexer 18 is in the conditional access database 42, then, when the conditional access state is encryption on, the cryptographic multiplexer 18 will always be receiving addressed authorization messages from the conditional access system 10. However, the cryptographic multiplexer behavior is then affected by the conditional access mode in use while encryption is on. In the preferred embodiment of the invention, only the authorized cryptographic multiplexers 18 receive addressed encryption on commands, while the unauthorized cryptographic multiplexers (in the conditional access database but not authorized in conditional access) receive addressed encryption off commands. For all networks logically connected to those unauthorized cryptographic multiplexers 18, this has the effect of leaving them completely in the clear (unencrypted).

The cryptographic multiplexer 18 has three functions within the conditional access system 10: (1) to receive and decypher the next encrypting seed, (2) to encrypt the required program IDs (PIDs) in the MPEG transport stream 12 using that seed, and (3) to inject the authorization stream into a ghost PID of the transport stream for use by the authorized IRDs. In support of these functions, the cryptographic multiplexer 18 accepts the authorization stream 24 from the conditional access server 16. In addition, it accepts an MPEG transport stream 12, provides the encrypting processing, and then outputs it, preferably for ultimate distribution to a network of downlink IRDs 20.

FIG. 4 illustrates a flowchart of operations that are performed to decypher authorization stream 24 and encrypt transport stream 12 using an encryption seed 122 at a cryptographic multiplexer 18. Near the end of the flavor distribution period 142 of a particular odd/even flavor 128, there is a sequence of authorization streams 24 directed to cryptographic multiplexers 18. If the host processor in a cryptographic multiplexer receiving the stream detects its own unit serial number n 102 in an authorization stream 24 (operations 400 and 410), then that stream is passed to a decrypter 26. This decrypter, when it was programmed at the factory, had been given the unit's pre-calculated, encrypted serial number S_(n) 114. This is the same S_(n) also calculated by the encryption function 22 in the conditional access server 16. So the decrypter 26 then takes the incoming (C_(ni),i) pair and computes the corresponding K_(i) 122 from the equation (operation 420): K_(i) = C_(ni) xor F(S_(n)∥i). This is the same K_(i) value which originated in the conditional access server 16. It is an encryption seed value 122, which is then loaded into the encrypting hardware, scrambler 28.
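The seed cyphering of operations 210 to 220 and the matching decyphering of operation 420 can be followed end to end in the sketch below, which is an added example and not code from the patent. SHA-256 stands in for the unnamed one-way function F( ), and the 4-byte encodings of n and i, the 32-byte seed length, the message layout and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

INDEX_BYTES = 4   # assumed width of the index i
SERIAL_BYTES = 4  # assumed width of the unit serial number n


def F(data: bytes) -> bytes:
    """One-way hash F( ). SHA-256 is a stand-in; the page does not name F."""
    return hashlib.sha256(data).digest()


def encrypted_serial(w: bytes, n: int) -> bytes:
    """S_n = F(W || n), computed once per unit (operation 210)."""
    return F(w + n.to_bytes(SERIAL_BYTES, "big"))


def xor_with_pad(value: bytes, s_n: bytes, i: int) -> bytes:
    """XOR value with F(S_n || i). Cyphering and decyphering are the same
    operation: C_ni = K_i xor F(S_n || i) and K_i = C_ni xor F(S_n || i)."""
    pad = F(s_n + i.to_bytes(INDEX_BYTES, "big"))
    if len(value) != len(pad):
        raise ValueError("seed length must equal the hash output length")
    return bytes(a ^ b for a, b in zip(value, pad))


def build_distribution(w, serials, k_i, i, flavor):
    """Cyphered messages for one distribution period: the same i and flavor
    for every unit, a different C_ni per serial number (operation 220)."""
    return [
        {"n": n, "i": i, "flavor": flavor,
         "c_ni": xor_with_pad(k_i, encrypted_serial(w, n), i)}
        for n in serials
    ]


def receive(messages, n, s_n):
    """Receiver side (operations 410-420): pick the message addressed to
    serial n and recover (K_i, i, flavor); None if nothing is addressed to n."""
    for msg in messages:
        if msg["n"] == n:
            k_i = xor_with_pad(msg["c_ni"], s_n, msg["i"])
            return k_i, msg["i"], msg["flavor"]
    return None


def demo():
    w = secrets.token_bytes(16)       # customer secret W (constructed)
    authorized = [1001, 1002, 1003]   # constructed serial numbers
    i = secrets.randbelow(2**31)      # randomly selected starting index
    k_i = secrets.token_bytes(32)     # random seed K_i
    msgs = build_distribution(w, authorized, k_i, i, "odd")

    # An authorized unit holds its factory-programmed S_n and recovers K_i.
    good = receive(msgs, 1002, encrypted_serial(w, 1002))
    # A unit absent from the authorized list finds no addressed message.
    absent = receive(msgs, 2000, encrypted_serial(w, 2000))
    # Another unit's C_ni does not yield K_i under this unit's S_n.
    cross = xor_with_pad(msgs[0]["c_ni"], encrypted_serial(w, 1002), i)
    # The index is bound into the pad: decyphering with a different i
    # produces a different value, not K_i.
    altered = xor_with_pad(msgs[1]["c_ni"], encrypted_serial(w, 1002), i + 1)
    return {"recovered": good[0] == k_i, "absent": absent,
            "cross_unit": cross == k_i, "altered_index": altered == k_i}


if __name__ == "__main__":
    print(demo())
```

Because the pad depends on both S_(n) and i, the index that the receivers later compare for resynchronization is the same value that selects the pad, so a seed stored under one index cannot be decyphered as the seed of another.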

In a preferred embodiment of the invention, once the new encryption seed value is available, the host processor immediately sets the scrambler 28 to begin encrypting using that value if (1) the conditional access server 16 has previously sent an encryption ON command 130 more recently than an encryption OFF command, and (2) the cryptographic multiplexer 18 has been set to accept those commands. The encryption seed value used for encrypting is the starting state of a linear feedback shift register (LFSR) generator of the scrambler 28 (operation 430), a device which creates a pseudo-random bit sequence. This sequence of bits is XOR'd with several of the low-order bits in nearly every byte of the payload of the eligible MPEG packets 12, not including the authorization stream-carrying packets. The encryption bit on those packets is then set to indicate to IRD descrambler 40 that those packets are encrypted. In addition, the even-odd bit is set to show which flavor of seed was used to do that encrypting. When the next encryption seed is received by the cryptographic multiplexer 18, it will have the opposing flavor, and when transport streams are encrypted using that new encryption seed, the odd-even bit in the transport streams is toggled to that new opposing state.

While the cryptographic multiplexer 18 is decyphering new encryption seeds and using them to encrypt the transport stream 12, it is also injecting the authorization stream 24 into the transport (operation 440). This operates as a simple logical pipe from the cryptographic multiplexer host processor to all the IRD host processors 36. The authorization stream 24 is inserted as the payload into MPEG packets. As these packets are built, they are queued within the cryptographic multiplexer 18. Each authorized IRD 20 in the receiving network has three tasks to perform within this conditional access system 10: (1) extract and decypher its own authorization streams to get new encryption seeds, (2) decrypt the encrypted transport stream packets 30 and pass the new clear packets to the payload processing portion of the IRD 20, and (3) achieve and maintain synchronization to the timing of the cryptographic multiplexer scrambler 28, to ensure that decrypting is done with the correct seed.

FIG. 5 illustrates a flowchart of operations that are performed at an IRD 20 to decypher authorization stream 24 and maintain IRD synchronization to the conditional access system 10 in steady state operation. In each IRD 20 receiving the encrypted transport stream 30, the authorization stream 24 is demultiplexed out by the transport demux chip 44 (operation 500). This stream 24 is passed to the local host microprocessor 36 and it extracts the secret (C_(ni),i) 126, 124 message addressed to that particular unit by serial number 102 (operation 510). In a preferred embodiment of the invention, every IRD's (C_(ni),i) message is sent twice (refer to FIG. 3), which greatly reduces the likelihood that a carrier switch or a short fade could prevent the IRD 20 from getting at least one copy of its own cyphered seed message during each flavor distribution period. As received, cyphered messages are passed to the decrypter 38. This decrypter 38 is preferably identical to the decrypter 26 installed in cryptographic multiplexers 18. It proceeds to decypher the new K_(i) seed values 122 in the same manner as the decrypter 26 within the cryptographic multiplexer 18 (operation 520). Those new seeds are then loaded to the odd/even flavor register in the descrambler 40 corresponding to that seed's flavor (operation 530). When this is done, a flag is set in the descrambler 40 to signal that a new valid seed of a particular odd/even flavor is available.

As described above, the IRD 20 detects authorization streams 24 addressed to itself and routes the enclosed (C_(ni),i) pair 126, 124 to the decrypter 38. In addition, it maintains a circular buffer in volatile memory where the last messages received of each odd/even flavor are stored. When new messages are received, they overwrite the previous message of the same flavor. The purpose of this, which shall be discussed in more detail below, is to provide a way for IRDs 20 to recover from brief losses of transport stream input and, of course, loss of the authorization stream as well.

The IRD 20 accepts an incoming MPEG transport stream 12, either from a satellite carrier or from a terrestrial interface. It applies a process of decrypting the transport stream which is essentially identical to the encrypting operation. The payloads of the transport stream packets are XOR'd by the same pseudo-random bit sequence which encrypted them in the cryptographic multiplexer 18. This process restores the payloads of those transport stream packets back to the clear or normal state. Those packets are then routed to the downstream processing circuitry 46 within the IRD 20.

IRD synchronization to the conditional access system 10 differs depending on the state of the system. Steady state operation of an authorized IRD 20 and the several transient states are discussed in detail below: (1) authorization by conditional access system, (2) de-authorization by conditional access system, (3) brief transport stream loss, and (4) extended transport stream loss.

In steady state operation of the system, authorization streams bearing the cyphered seeds of a particular flavor are distributed to the cryptographic multiplexers 18 and IRDs 20 while those same units are encrypting and decrypting with the previously distributed seed of the opposing odd/even flavor. Within the IRDs themselves, the synchronization is maintained as follows. When a seed of a particular flavor is received, decyphered, and loaded to the IRD 20, an X_SEED_WRITTEN flag is SET within the IRD 20 (where X designates the seed's odd/even flavor). When the IRD detects that the odd/even flavor bit in the incoming encrypted transport streams changes (operation 540, referring to FIG. 5), it looks to see if the X_SEED_WRITTEN flag corresponding to the new flavor is set (test 550). If so, it knows it has a valid seed for that new flavor, and it begins decrypting immediately (operation 560). If not, it blocks all incoming encrypted transport streams 30 from entering the IRD demux chip 44 and clears the X_SEED_WRITTEN flag (operation 570). When the very next flavor change occurs in the incoming encrypted transport packet stream 30, that same flag clears in anticipation of the distribution of the next seed of that flavor.

FIG. 6 illustrates a diagram of conditional access system timing for key synchronization when an authorization stream is distributed and a transport stream is encrypted at the cryptographic multiplexer 18 and decrypted at the IRD 20. The new odd seed is written to odd seed register 158, setting the ODD_SEED_WRITTEN flag. At that moment, the incoming transport stream is still being encrypted with the previous even seed 160 at the cryptographic multiplexer 18 during an even flavor period 162. Later, the transport stream flavor 128 switches from even to odd. The odd seed then begins being used to decrypt at the IRD 20 during an odd flavor period 164. At the next flavor switch within the transport stream, from odd back to even, the ODD_SEED_WRITTEN flag will be cleared. But the authorization stream distribution period 164 for odd seeds is just beginning, and soon a new odd seed will be received, setting the flag once again. At that time, new even seed is written to even seed register 166, setting the EVEN_SEED_WRITTEN flag.

When an IRD 20 is unauthorized in the conditional access system 10, it does not receive the cyphered authorization streams, addressed to itself, bearing its own (C_(ni),i) value pair. Without the (C_(ni),i) pair 126, 124, seeds cannot be decyphered, so the X_SEED_WRITTEN flags remain continuously clear, and the IRD removes all incoming encrypted transport streams and substitutes null streams. When the IRD 20 is first authorized in the conditional access system 10, authorization streams addressed to it begin to be received. In the flavor distribution period corresponding to the first addressed stream received by the IRD 20, the IRD basically performs the following steps: (1) a seed of a particular flavor is later received, decyphered, and loaded to the descrambler 40, setting that respective X_SEED_WRITTEN flag; (2) the odd/even flavor bit in the incoming encrypted transport stream packets later changes over to that flavor; and (3) the seed is used to decrypt the encrypted transport streams. Starting with the steady state described earlier, when an IRD 20 is de-authorized by conditional access system 10, it stops receiving authorization streams.

Since the IRDs 20 may suffer either short carrier fades or deliberate carrier switches between carriers bearing the same instantiation of a conditional access system 10, transport streams could be briefly lost. FIG. 7 illustrates a flowchart of operations that are performed at the IRD 20 to rapidly decrypt data by key synchronization and indexing after brief or extended loss of transport stream. When the transport stream is first lost (operation 700), the IRD host 36 resets the descrambler 40 (operation 710). This clears the X_SEED_WRITTEN flags and will block encrypted transport packets from entering the IRD demux chip 44. But the authorization stream will not be blocked. Later, when the host 36 detects the restored transport stream (operation 720), it will begin monitoring the authorization stream channel (if available). The first authorization stream 24 detected, even if not addressed to itself, will be examined for its i index 124 and its odd/even flavor 128 (operation 730). The IRD host 36 will then exploit the simple knowledge that if the currently distributed encryption seed has an index of i₀, then the current encrypting is being done using the seed associated with index i₀−1. If either of the stored authorization streams has an i index value equal to either i₀ or i₀−1 (test 740), then the assumption is made that (1) the new transport stream bears the same authorization stream as before and (2) the IRD 20 already has the stored authorization streams corresponding at least to the current seed being used to encrypt. In this case, the IRD 20 then progresses through the following sequence: (1) the stored authorization streams whose i index values equal i₀ or i₀−1 are sent by the IRD host 36, in order of increasing magnitude, to the decrypter 38; (2) the decrypter 38 decyphers one or two authorization streams and the K_(i) 122 results are loaded to the respective odd/even flavor encrypting register(s) (operation 750); (3) the X_SEED_WRITTEN flags corresponding to whichever flavor seed(s) was/were loaded are set; (4) the next arriving encrypted transport stream is treated as if it was logically an odd/even flavor change and, if the X_SEED_WRITTEN flag for the new incoming encrypting flavor is set; (5) the IRD descrambler 40 commences to decrypt all the incoming encrypted transport streams (operation 760). The IRD then functions as described in the steady state operation.

For all losses of transport streams, the X_SEED_WRITTEN flags are cleared and the IRD host 36 resets the descrambler 40. As just described, when the transport stream is restored, the IRD host 36 examines the first authorization streams received. In the case where the first incoming authorization stream's i index value is not exactly equal to, or is not equal to one more than, either of the i index values in the stored authorization streams, then the IRD host 36 assumes that the stored cyphered seeds are unusable. From then on, it behaves as if it had just booted up. The IRD 20 remains unauthorized until the IRD first gets an addressed cyphered seed through authorization stream and, thence until the succeeding transport encrypting flavor switch. Note that this holds true if the IRD 20 switched to an encrypted transport stream with a different authorization stream, or if the IRD 20 has been disconnected from the original authorization stream for an extended period. In a preferred embodiment of the invention, an extended period would be any outage exceeding half of the difference between flavor distribution period 142 and the total delays 148, 154 where double-sending of the cyphered seeds is employed (referring to FIG. 3). Failing to use double-sending of the seeds could cause an IRD 20 to miss its current seed distribution on even the shortest outages. In this case, the IRD 20 will appear to initially recover after an outage, but revert to unauthorized at the next flavor switch and remain that way through that next flavor distribution period.
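The restart decision of FIG. 7 (operations 700 to 760) and the fallback for extended losses reduce to a small state machine over the stored index numbers, modelled below as an added example that is not code from the patent. The class and method names, the string flavor values and the sample indices are assumptions; C_(ni) is treated as opaque, decyphering is represented only by the list handed to the decrypter, and emptying the buffer on a mismatch is one reading of "behaves as if it had just booted up".

```python
from dataclasses import dataclass, field

EVEN, ODD = "even", "odd"


@dataclass(frozen=True)
class CypheredMessage:
    index: int    # i carried in the authorization stream
    flavor: str   # EVEN or ODD
    c_ni: bytes   # cyphered seed, opaque in this model


@dataclass
class IrdSync:
    # Last addressed message of each flavor, kept in volatile memory.
    stored: dict = field(default_factory=dict)
    seed_written: dict = field(
        default_factory=lambda: {EVEN: False, ODD: False})

    def store(self, msg: CypheredMessage) -> None:
        """A new addressed message overwrites the previous one of its flavor."""
        self.stored[msg.flavor] = msg

    def transport_lost(self) -> None:
        """Operation 710: the descrambler reset clears both X_SEED_WRITTEN
        flags, which blocks encrypted packets; stored messages are kept."""
        self.seed_written = {EVEN: False, ODD: False}

    def transport_restored(self, i0: int) -> list:
        """Operations 730-750. i0 is the index of the first authorization
        message seen after restoration, addressed to this unit or not.
        Returns the stored messages to decypher, in increasing index order;
        an empty list means the stored cyphered seeds are unusable."""
        usable = sorted(
            (m for m in self.stored.values() if m.index in (i0, i0 - 1)),
            key=lambda m: m.index)
        if not usable:
            self.stored.clear()   # assumed: same state as a fresh boot
            return []
        for m in usable:
            # Stands for: decypher K_i, load the flavor register, set flag.
            self.seed_written[m.flavor] = True
        return usable

    def accept_packet(self, flavor: str) -> bool:
        """Operation 760: the next encrypted packet is treated as a flavor
        change; decrypt only if that flavor's flag is set."""
        return self.seed_written[flavor]


def run_outage(i0: int):
    """Constructed scenario: before the outage the IRD stored index 41
    (odd) and index 42 (even). Returns (indices decyphered, flags)."""
    ird = IrdSync()
    ird.store(CypheredMessage(41, ODD, b"constructed-c-41"))
    ird.store(CypheredMessage(42, EVEN, b"constructed-c-42"))
    ird.transport_lost()
    replay = ird.transport_restored(i0)
    return [m.index for m in replay], dict(ird.seed_written)


if __name__ == "__main__":
    for i0 in (42, 43, 45):
        print(i0, run_outage(i0))
```

With i₀ = 42 both stored messages are replayed, with i₀ = 43 only index 42 still qualifies and the IRD must catch a copy of message 43 before the next flavor switch, and with i₀ = 45 nothing qualifies and every encrypted packet stays blocked.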

In view of the foregoing, it will be seen that the several advantages of the invention are achieved and attained. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application to thereby enable others skilled in the art to best utilize the invention in various embodiments and with various modifications as are suited to the particular use contemplated.

As various modifications could be made in the constructions and methods herein described and illustrated without departing from the scope of the invention, it is intended that all matter contained in the foregoing description or shown in the accompanying drawings shall be interpreted as illustrative rather than limiting. Thus, the breadth and scope of the present invention should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims appended hereto and their equivalents.

1. A method of encrypting data for rapid decryption, the method comprising the steps of: sequentially generating a plurality of random numbers; sequentially generating a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value; calculating a plurality of cyphered seeds according to a combination of each one of said random numbers and each one of said respectively associated index numbers; sending said plurality of cyphered seeds and said corresponding index numbers from a server to at least one receiver; and resending each one of said plurality of cyphered seeds and said corresponding index numbers from said server to said receiver, wherein a cyphered seed and index number pair is resent before sending a subsequent cyphered seed and index number pair.
2. The method according to claim 1, wherein said generating of said index numbers is further comprised of the step of randomly generating said first index number.
3. The method according to claim 1, wherein said sending and resending steps further comprise the steps of sending a first flavored cyphered seed and index number pair and resending said first flavored cyphered seed and index number pair.
4. The method according to claim 3, wherein said sending and resending steps further comprise the steps of: sending a second flavored cyphered seed and index number pair; resending said second flavored cyphered seed and index number pair; and repeating said sending and resending steps for a plurality of first flavored cyphered seed and index number pairs and for a plurality of second flavored cyphered seed and index number pairs.
5. The method according to claim 1, further comprising the steps of: decyphering said cyphered seed and index number pair; storing said decyphered seed and index number pair in a memory; repeating said decyphering and storing steps for a plurality of subsequent cyphered seed and index number pairs until an occurrence of a reset; after said reset, decyphering a most recently received index number and comparing said most recently received index number with said stored index number; and continuing with said decyphering and storing steps if said most recently received index number is within a defined tolerance of said stored index number.
6. The method according to claim 5, further comprising the steps of: when a cyphered seed of a particular flavor is received, decyphered, and loaded to said receiver, setting a flavor seed flag to designate said flavor; and when said receiver detects that a flavor in incoming encrypted transport streams changes to a new flavor, examining whether said flavor seed flag is set to correspond said new flavor for checking if said decyphered seed is valid to decrypt said incoming encrypted transport streams.
7. The method according to claim 5, further comprising the step of defining said tolerance of said stored index number to one.
8. The method according to claim 5, further comprising the steps of: sending a group of cyphered seed and corresponding index number pairs from said server to a respective group of receivers during a flavor distribution period; resending said group of cyphered seed and corresponding index number pairs to said respective group of receivers during said flavor distribution period; and repeating said sending and resending steps for a plurality of subsequent groups of cyphered seed and corresponding index number pairs to said respective group of receivers.
9. The method according to claim 8, wherein said repeating step further comprises the step of switching between a first flavor and a second flavor.
10. The method according to claim 8, further comprising the step of sending an authorization stream from said server to said group of receivers during said flavor distribution period, said authorization stream comprising said group of cyphered seed and corresponding index number pairs, a plurality of serial numbers corresponding to said respective group of receivers, a flavor indicator, and an encryption on/off message.
11. The method according to claim 10, further comprising the step of indicating to said group of receivers whether corresponding transport streams are encrypted according to said encryption on/off message.
12. The method according to claim 10, further comprising the step of generating a plurality of secret serial numbers according to a combination of a secret identification number and a serial number associated with each of said receivers.
13. The method according to claim 12, further comprising the step of allowing a customer controlling said group of receivers to generate said secret identification number unique to said customer.
14. The method according to claim 12 wherein said step for calculating a plurality of cyphered seeds is further comprised of the step of combining each one of said random numbers and said respectively associated index numbers with each one of said secret serial numbers.
15. A method of encrypting data for rapid decryption, the method comprising the steps of: sequentially generating a plurality of random numbers; sequentially generating a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value; calculating a plurality of cyphered seeds according to a combination of each one of said random numbers, each one of said respectively associated index numbers, and a plurality of serial numbers respectively associated with a group of receivers; sending a group of cyphered seed and corresponding index number pairs from a server to said group of receivers during a flavor distribution period; resending said group of cyphered seed and corresponding index number pairs to said group of receivers during said flavor distribution period; repeating said sending and resending steps for a plurality of subsequent groups of cyphered seed and corresponding index number pairs to said group of receivers, extracting a cyphered seed using its serial number from said cyphered seed and index number pairs in each one of said receivers; decyphering said cyphered seed and index number pairs in each one of said receivers; storing said decyphered seed and index number pair in a memory of each one of said receivers; repeating said decyphering and storing steps for a plurality of subsequent cyphered seed and index number pairs until an occurrence of a reset; after said reset, decyphering a most recently received index number and comparing said most recently received index number with said stored index number; and continuing with said decyphering and storing steps if said most recently received index number is within a defined tolerance of said stored index number.
16. The method according to claim 15, wherein said generating of said index numbers is further comprised of the step of randomly generating said first index number.
17. The method according to claim 15, further comprising the step of sending an authorization stream from said server to said group of receivers during said flavor distribution period, said authorization stream comprising said group of cyphered seed and corresponding index number pairs, said plurality of serial numbers corresponding to said respective group of receivers, a flavor indicator, and an encryption on/off message.
18. The method according to claim 15, further comprising the step of generating a plurality of secret serial numbers according to a combination of a secret identification number and a serial number associated with each of said receivers.
19. The method according to claim 18, further comprising the step of allowing a customer controlling said group of receivers to generate said secret identification number unique to said customer.
20. The method according to claim 18, wherein said secret serial numbers are used as said serial numbers in calculating said cyphered seeds.
21. The method according to claim 15, further comprising the steps of: receiving, decyphering, and loading at least one of said cyphered seeds of an indicated flavor in each one of said receivers; respectively setting a flavor seed flag in each one of said receivers to designate said indicated flavor; detecting a flavor change associated with a new flavor in incoming encrypted transport streams in each one of said receivers; determining whether said flavor seed flag is set to correspond with said new flavor and whether said decyphered seed is valid in each one of said receivers; and decrypting said incoming encrypted transport streams in each one of said receivers when said decyphered seed is valid.
22. The method according to claim 15, further comprising the step of defining said tolerance of said stored index number to one.
23. A system for encrypting and decrypting data, comprising: means for sequentially generating a plurality of random numbers and a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value; means for calculating a plurality of cyphered seeds according to a combination of each one of said random numbers, each one of said respectively associated index numbers, and a plurality of serial numbers respectively associated with a group of receivers; means for sending a group of cyphered seed and corresponding index number pairs from a server to said group of receivers during a flavor distribution period, and resending said group of cyphered seed and corresponding index number pairs to said group of receivers during said flavor distribution period; means for extracting a cyphered seed and corresponding index number from said cyphered seed and index number pairs, wherein at least one of said serial numbers is used to extract said cyphered seed; a decrypter in operative communication with said extracting means receives said extracted cyphered seed and said index number and decyphers said cyphered seed into a decyphered seed; a memory device in operative communication with said decrypter receives and stores said decyphered seed and index number; means for setting a reset command and thereafter comparing a new index number with said stored index number according to a defined tolerance.
24. The system according to claim 23, wherein said first index number is further comprised of a randomly generated number.
25. The system according to claim 23, wherein said means for generating said random numbers and said index numbers is comprised of a server with a computer processor.
26. The system according to claim 23, wherein said means for calculating said cyphered seeds is comprised of an encryption function in said server.
27. The system according to claim 23, wherein said means for sending and resending said cyphered seed and index number pairs from said server to said receivers is comprised of a multiplexer controlled by said server.
28. The system according to claim 23, wherein said means for extracting said cyphered seed, setting said reset command, and returning to said steady state operation is comprised of a host microprocessor in at least one of said receivers.
29. The system according to claim 23, wherein said defined tolerance of said stored index number is one.
30. The system according to claim 23, wherein said plurality of serial numbers are further comprised of a combination of a secret identification number, and wherein said secret identification number is unique to a customer controlling said group of receivers.
31. A server for encrypting data, comprising: means for sequentially generating a plurality of random numbers and a plurality of index numbers respectively associated with said random numbers, wherein a first index number is initially generated and said index numbers increment by a predefined value; means for calculating a plurality of cyphered seeds according to a combination of each one of said random numbers and each one of said respectively associated index numbers; and means for sending a group of cyphered seed and corresponding index number pairs from a server to a respective group of receivers during a flavor distribution period, and resending said group of cyphered seed and corresponding index number pairs to said respective group of receivers during said flavor distribution period.
32. The system according to claim 31, wherein said first index number is further comprised of a randomly generated number.
33. The system according to claim 31, wherein said cyphered seeds are further comprised according to a combination of said random numbers and said index numbers with a plurality of serial numbers respectively associated with said group of receivers.
34. The system according to claim 33, wherein said plurality of serial numbers are further comprised of a combination of a secret identification number, and wherein said secret identification number is unique to a customer controlling said group of receivers.
35. An integrated receiver decoder for decrypting data, comprising: means for extracting a cyphered seed and a corresponding index number from a group of cyphered seed and index number pairs; wherein a plurality of serial numbers are used to generate a plurality of cyphered seeds and wherein at least one of said serial numbers is used to extract said cyphered seed; a decrypter in operative communication with said extracting means receives said extracted cyphered seed and said corresponding index number and decyphers said cyphered seed into a decyphered seed; a memory device in operative communication with said decrypter receives and stores said decyphered seed and index number; and means for setting a reset command and thereafter comparing a new index number with said stored index number according to a defined tolerance.
36. The system according to claim 35, wherein said defined tolerance of said stored index number is one.
37. A computer-implemented method, comprising: sending, by an access server, one or more ciphered seeds and one or more index numbers associated with the one or more ciphered seeds to at least one content receiver; and resending, by the access server, the one or more ciphered seeds and the one or more index numbers, wherein a ciphered seed and index number pair are sent before sending subsequent ciphered seed and index number pairs.
38. The computer-implemented method as recited in claim 37, further comprising determining one or more ciphered seeds by: sequentially generating a plurality of random numbers; sequentially generating a plurality of index numbers associated with the random numbers; and combining each random number with each index number associated with the random number.
39. The computer-implemented method as recited in claim 38, wherein a first index number is generated randomly and subsequent index numbers are generated by incrementing the first index number by a value.
40. The computer-implemented method as recited in claim 37, wherein the one or more ciphered seeds and the one or more index numbers are sent and resent during a first flavor distribution period.
41. The computer-implemented method as recited in claim 40, further comprising: sending, by the access server, a ciphered seed and an index number pair during a second flavor distribution period; and resending, by the access server, the ciphered seed and the index number pair during the second flavor distribution period.
42. The computer-implemented method as recited in claim 37, further comprising sending, by the access server, an authorization stream, the authorization stream comprising the one or more ciphered seeds, the one or more index numbers, one or more numbers associated with one or more content receivers, a flavor indicator, and an encryption message.
43. The computer-implemented method as recited in claim 42, wherein the one or more numbers associated with one or more content receivers are configured to enable decryption of the one or more ciphered seeds.
44. The computer-implemented method as recited in claim 42, wherein the flavor indicator is configured to indicate an odd/even flavor of the one or more ciphered seeds.
45. The computer-implemented method as recited in claim 42, wherein the encryption message is configured to indicate whether a transport stream is encrypted.
46. A system for encrypting data, comprising: an access server configured to generate one or more ciphered seeds; and a cryptographic multiplexer configured to: send the one or more ciphered seeds and one or more index numbers to one or more content receivers during a flavor distribution period; and resend the one or more ciphered seeds and the one or more index numbers to the one or more content receivers during the flavor distribution period.
47. The system as recited in claim 46, wherein the cryptographic multiplexer is further configured to: send a ciphered seed and an index number pair during a second flavor distribution period; and resend the ciphered seed and the index number pair during the second flavor distribution period.
48. A computer-implemented method, comprising: receiving, by a content receiver, an encrypted data stream; extracting, by the content receiver, a ciphered seed and index number pair from the encrypted data stream using a number associated with the content receiver; deciphering, by the content receiver, the ciphered seed to create a deciphered seed; storing, by the content receiver, the deciphered seed and index number in memory; detecting, by the content receiver, a reset, and responsive to the reset: comparing a received index number with the stored index number; and deciphering and storing additional ciphered seeds responsive to the received index number corresponding to the stored index number.
49. The computer-implemented method, as recited in claim 48, wherein the received index number corresponds to the stored index number when the received index number is within a defined tolerance of the stored index number.
50. The computer-implemented method, as recited in claim 49, wherein the defined tolerance is one.
51. The computer-implemented method, as recited in claim 48, further comprising deciphering and storing, by the content receiver, additional ciphered seed and index number pairs until a reset is detected.
52. The computer-implemented method, as recited in claim 48, further comprising: deciphering, by the content receiver, a ciphered seed corresponding to a first flavor; detecting, by the content receiver, a second flavor; determining, by the content receiver, whether the deciphered seed is valid by comparing the second flavor with the first flavor; and decrypting, by the content receiver, the encrypted data stream responsive to the deciphered seed being valid.
53. The computer-implemented method, as recited in claim 52, further comprising blocking, by the content receiver, the encrypted data stream responsive to the deciphered seed being invalid.
54. A system for decrypting data, comprising: a demultiplexer configured to extract a ciphered seed from an encrypted data stream using a number associated with a content receiver; a decrypter configured to decipher the extracted ciphered seed; a processor configured to: detect a reset; and validate the deciphered seed responsive to the reset; and a descrambler configured to decrypt the encrypted data stream using the deciphered seed responsive to the deciphered seed being valid.
55. The system, as recited in claim 54, wherein the processor is configured to validate the deciphered seed by comparing an index number associated with the deciphered seed with a stored index number.
56. The system, as recited in claim 55, wherein the processor is configured to validate the deciphered seed by comparing the index number associated with the deciphered seed with the stored index number according to a defined tolerance.
57. The system, as recited in claim 54, wherein the processor detects a reset responsive to not receiving an encrypted data stream.
58. The system, as recited in claim 54, wherein the processor detects a reset responsive to a change in an odd/even flavor associated with the encrypted data stream.
59. The system, as recited in claim 54, wherein the descrambler is further configured to block an encrypted data stream responsive to the deciphered seed being invalid.
60. A computer-implemented method, comprising: detecting, by a content receiver, a loss of an encrypted data stream; determining, by the content receiver, an index number and odd/even flavor associated with a restored encrypted data stream; determining, by the content receiver, whether the index number corresponds to a stored index number; and decrypting, by the content receiver, the restored encrypted data stream using an encryption seed corresponding to the stored index number if the index number corresponds to the stored index number.
61. The computer-implemented method as recited in claim 60, wherein an index number (i) corresponds to a stored index number (i₀) when the index number (i) is equal to i₀ or i₀ − 1.
62. The computer-implemented method as recited in claim 60, further comprising resetting, by the content receiver, a descrambler configured to descramble the encrypted data stream.
63. The computer-implemented method as recited in claim 60, further comprising blocking, by the content receiver, one or more encrypted data packets associated with the restored encrypted data stream.
64. The computer-implemented method as recited in claim 60, further comprising deciphering, by the content receiver, at least one authorization stream to acquire an encryption seed.
65. The computer-implemented method as recited in claim 60, further comprising waiting, by the content receiver, to receive an addressed ciphered seed responsive to the index number not corresponding to the stored index number.